TAS3 Architecture Explained (Video, 15min)

Quotes

Conor Cahill said back in 2006:

IMNSHO, better go Liberty up front and have the confidence that you
do not need to upgrade later - or run two parallel systems. The Liberty
(or SAML 2.0) system is comprehensive and addresses every use case
anyone has thought so far. The percieved complexity is really an
implementation issue and not underlying property of the spec. Since
we provide an implementation, the "complexity" is not customer problem.

Scott Cantor and Peter Williams said on 5.11.2010 on wsf-dev@lists.openliberty.org

Peter Williams said:

I'm guessing that, in the culture that admires dumb clients, that
what holds ECP (and cardspace) back is the inability to convince server
vendors to commoditize this role for a browser.

That, among other things, like the obsession with reinventing all
things XML in a misguided effort to dumb down security technologies so
that the wrong people can implement them. -- Scott

What is it?

mod_auth_saml: An Apache httpd auth module that does SAML SSO. No programming,
just configure Apache, see receipe.
Web Master - you need this because it is a config only install, no programming.

zxididp: Full featured Identity Provider and Discovery Service, as deployed
by ZXIDP.org

libzxid C library for SAML 2.0 federated Single Sign-On (SSO) and ID-WSF Web
Services. Many other language bindings are supported through SWIG.
IdM Hacker - you need this because it supports all relevant protocols, you will
study it and you will contribute patches (thanks).

Status

1.22 (20141009) is most stable release prior to OAUTH2 work

1.02 (20110725) stable "1.0" release.

0.82 (20110310) is 1.0 Release Candidate. As of 0.41 (20091120) the package has been mature for
doing SSO and other SP related tasks. It also supports perl and
mod_perl by way of Net::SAML module, PHP5 (and php4) using
php_zxid.so, as well as Java using libzxidjni.so. The Java
support includes SSO servlet to be used with Tomcat or other
application server.

mod_auth_saml is fully production grade and can be used to implement
SSO to Apach httpd just by configuring (no programming needed).